From: "J. Bruce Fields"
To: Steve Dickson
Cc: linux-nfs@vger.kernel.org, "J. Bruce Fields"
Subject: [PATCH 1/2] mountd: allow high ports on all pseudofs exports
Date: Wed, 2 Dec 2020 17:56:43 -0500
Message-Id: <1606949804-31417-1-git-send-email-bfields@fieldses.org>
X-Mailing-List: linux-nfs@vger.kernel.org
From: "J. Bruce Fields" We originally tried to grant permissions on the v4 pseudoroot filesystem that were the absolute minimum required for a client to reach a given export. This turns out to be complicated, and we've never gotten it quite right. Also, the tradition from the MNT protocol was to allow anyone to browse the list of exports. So, do as we already did with security flavors and just allow clients from high ports to access the whole pseudofilesystem. Signed-off-by: J. Bruce Fields --- utils/mountd/v4root.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c index a9ea167a07e0..2ac4e87898c0 100644 --- a/utils/mountd/v4root.c +++ b/utils/mountd/v4root.c @@ -36,7 +36,7 @@ static nfs_export pseudo_root = { .e_path = "/", .e_flags = NFSEXP_READONLY | NFSEXP_ROOTSQUASH | NFSEXP_NOSUBTREECHECK | NFSEXP_FSID - | NFSEXP_V4ROOT, + | NFSEXP_V4ROOT | NFSEXP_INSECURE_PORT, .e_anonuid = 65534, .e_anongid = 65534, .e_squids = NULL, @@ -60,8 +60,6 @@ set_pseudofs_security(struct exportent *pseudo, int flags) struct flav_info *flav; int i; - if (flags & NFSEXP_INSECURE_PORT) - pseudo->e_flags |= NFSEXP_INSECURE_PORT; if ((flags & NFSEXP_ROOTSQUASH) == 0) pseudo->e_flags &= ~NFSEXP_ROOTSQUASH; for (flav = flav_map; flav < flav_map + flav_map_size; flav++) { @@ -70,8 +68,7 @@ set_pseudofs_security(struct exportent *pseudo, int flags) i = secinfo_addflavor(flav, pseudo); new = &pseudo->e_secinfo[i]; - if (flags & NFSEXP_INSECURE_PORT) - new->flags |= NFSEXP_INSECURE_PORT; + new->flags |= NFSEXP_INSECURE_PORT; } } -- 2.28.0
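Review bot: In the first hunk (the pseudo_root initializer), NFSEXP_INSECURE_PORT is added to .e_flags with no comment, so the reason the pseudoroot ignores the reserved-port check exists only in the commit message. A one-line comment above the initializer would help, saying that port checking is deliberately not enforced on the pseudofs and that the entry stays NFSEXP_READONLY | NFSEXP_ROOTSQUASH. The diffstat lists only utils/mountd/v4root.c, so consider a matching documentation update so that an administrator who marks every export "secure" knows the pseudofs is still browsable from high ports.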
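Review bot: In the second hunk (top of set_pseudofs_security), dropping the "pseudo->e_flags |= NFSEXP_INSECURE_PORT" branch is only correct if every exportent passed in as "pseudo" already carries the flag from pseudo_root's e_flags. That is not visible in this hunk. Please confirm that no caller builds "pseudo" from another source, or state that invariant in the commit message, since otherwise an entry could end up stricter than the per-flavor flags set further down.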
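Review bot: In the third hunk (the flav_map loop), "new->flags |= NFSEXP_INSECURE_PORT;" is now unconditional, so in the lines shown the "flags" argument is consulted only for NFSEXP_ROOTSQUASH. A short comment at the head of set_pseudofs_security saying that port restrictions are intentionally not inherited from the real exports, while root squashing still is, would stop a later reader from reintroducing the check. It would also be worth noting how this was tested, for example that a client on a non-reserved port can traverse the pseudofs while an export without the insecure option still refuses it.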